diff options
| author | tb <> | 2020-12-15 16:04:49 +0000 |
|---|---|---|
| committer | tb <> | 2020-12-15 16:04:49 +0000 |
| commit | 504bf1627e800924a2e652013e03bb332dbcb7e3 (patch) | |
| tree | 846602078876e31b51a7a0cbda8fb147198266a3 | |
| parent | 49f8c65dfe3b1b8b8e597c81e67ab5078e7372a1 (diff) | |
| download | openbsd-504bf1627e800924a2e652013e03bb332dbcb7e3.tar.gz openbsd-504bf1627e800924a2e652013e03bb332dbcb7e3.tar.bz2 openbsd-504bf1627e800924a2e652013e03bb332dbcb7e3.zip | |
Use natural sizes for S3I(s)->tmp's *_md arrays
It is a historical artifact that cert_verify_md[], finish_md[] and
peer_finish_md[] are twice as large as they need to be. This is
confusing, especially for finish_md[] and peer_finish_md[] which are
copied to to previous_client_finished[] and previous_server_finished[]
which are only half as large. It is easy to check that they will never
get more than EVP_MAX_MD_SIZE data written to them.
In 1998, EVP_MAX_MD_SIZE was 20 bytes long (for SHA-1). This got bumped to
16+20 for the SSLv3-specific md5+sha1. Apparently under the impression
that EVP_MAX_MD_SIZE was still 20 bytes, someone else doubled finish_md[]'s
size to EVP_MAX_MD_SIZE*2 and added /* actually only needs to be 16+20 */.
A bit later finish_md[] was split up, and still a bit later the comment was
amended for TLSv1. Shortly thereafter SHA-512 required a bump of
EVP_MAX_MD_SIZE to 64 by a third person and we have been carrying 192 bytes
of untouched memory in each of our SSLs ever since.
ok inoguchi jsing (jsing had the same diff)
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 80a7d95be5..312c18f7ca 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.309 2020/12/14 15:20:31 tb Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.310 2020/12/15 16:04:49 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -892,13 +892,11 @@ typedef struct ssl3_state_internal_st { | |||
| 892 | struct { | 892 | struct { |
| 893 | int new_mac_secret_size; | 893 | int new_mac_secret_size; |
| 894 | 894 | ||
| 895 | /* actually only needs to be 16+20 */ | 895 | unsigned char cert_verify_md[EVP_MAX_MD_SIZE]; |
| 896 | unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; | ||
| 897 | 896 | ||
| 898 | /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ | 897 | unsigned char finish_md[EVP_MAX_MD_SIZE]; |
| 899 | unsigned char finish_md[EVP_MAX_MD_SIZE*2]; | ||
| 900 | size_t finish_md_len; | 898 | size_t finish_md_len; |
| 901 | unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; | 899 | unsigned char peer_finish_md[EVP_MAX_MD_SIZE]; |
| 902 | size_t peer_finish_md_len; | 900 | size_t peer_finish_md_len; |
| 903 | 901 | ||
| 904 | unsigned long message_size; | 902 | unsigned long message_size; |